Sweeping bitcoin paper wallets to the Casa app

Paper wallets were one of the earliest ways in bitcoin's history to secure bitcoin. While they have since fallen out of favor and been replaced by more secure storage solutions, some Casa members have bitcoin they have stored on an old paper wallet and would like to move it to their Casa vault.

This guide will walk you through a step-by-step process to transition your funds from a paper wallet to Casa while ensuring that your private keys are not compromised.

Requirements

• 1 or more paper wallets (this guide assumes bitaddress.org or similar)
• 1 ONLINE laptop with Electrum, GPG, and the Tor Browser installed
• 1 OFFLINE laptop running Electrum with GPG installed 
• Mobile phone with the Casa app installed and a camera
• (Optional) Unopened USB flash drive from a major manufacturer to load Electrum onto offline laptop 

1. Download and verify software

We'll use the open source bitcoin client Electrum to create and sign the transactions that will send your funds to your Casa account, and Tor Browser to push them to the network. There have been documented attacks on various open source software applications, so it's important to verify the code before we use it. 

GPG

GPG (short for GnuPG) is a cryptography toolkit that we will use to verify our Electrum download.

Ubuntu:

Open a terminal with CTRL+ALT T, then run the following commands:

sudo apt-get update

sudo apt-get install gnupg2

MacOS:

Open a terminal from Applications/Downloads or using Spotlight search, then run the following commands:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

brew install gnupg

Electrum

1. Download Electrum and the signature file for your version
2. Download the developer's PubKey
3. Open Terminal and navigate to your Downloads folder
   • To locate your terminal, search in Spotlight, or press CTRL+ALT+T in most Linux distributions
   • On Mac and Linux, type:

     cd ~/Downloads

4. Verify the application file by running the following commands in your Downloads folder:

   gpg --import ThomasV.asc
   gpg --verify [electrum-signature-filename.asc] [electrum-application-filename]

         You should get an output that looks something like this:

     5. Repeat this process on your second laptop, or, if you have a USB flash drive and are using the same OS, copy the verified file to your offline machine using the flash drive

Tor Browser

1. Download Tor Browser and the signature file for your version on your ONLINE laptop
2. Open Terminal and navigate to your Downloads folder
3. Verify the application file by running the following commands in your Downloads folder:

gpg --auto-key-locate nodefault,wkd --locate-keys [email protected]

gpg --verify [electrum-signature-filename.asc] [electrum-application-filename]

2. Securing your offline laptop

During this transition, it is critical that your private keys are held on a computer that is completely offline. This way, even if your machine were to be compromised, an attacker would not be able to send your bitcoin. To ensure this, we will turn off all networking services. Depending on your threat model, you may want to consider additional steps that include modifying your hardware as well.

To disable WiFi on your Linux laptop, enter the following commands:

sudo nmcli radio wifi off
sudo nmcli networking off
sudo service bluetooth stop

Alternatively, you can physically remove the WiFi and Bluetooth cards. Search YouTube or iFixit for "replace WiFi/Bluetooth card [make and model of your laptop]." If you want to be extremely careful, you can also consider disabling your speakers.

3.  Generating a transaction using the public keys

Now that both machines are ready to go, it's time to generate your transaction. We'll do this using your online laptop, since Electrum will need to find your UTXOs to get started.

1. Open Electrum on your ONLINE laptop, click 'File' in the menu bar, and select 'New/Restore'
2. Choose a name for your wallet - we suggest something like paper_pubkey_01
3. Select 'Import Bitcoin address or private keys'

WARNING - Be careful not to type or scan your PRIVATE KEY on your ONLINE laptop accidentally!

1. Type or scan a PUBLIC KEY addresses into Electrum
2. Encrypt the file with a strong password using a password manager
3. On the next screen, you should see your wallet balance and previous transactions. Click 'Send' from the top of the screen, tap the camera icon, and confirm access to your laptop’s webcam.
4. From your Casa app:
• Tap the vault you want to send to.
• Tap the "Deposit Funds" button (if this is your first deposit) or the "Receive" button (if you have made previous deposits).
• Hold the QR code up to the camera
• Verify that the address in Electrum matches what is displayed in the Casa app 
5. Enter the amount of bitcoin you would like to send in this transaction, set the fee level, and click 'Preview'
• Note: It is best to send everything in each UTXO at once if possible  
6. The next screen will show the 'Sign' and 'Broadcast' buttons as unavailable, because this machine doesn't have your private key. Click the QR icon to generate the unsigned transaction's QR code. Take a photograph of this QR code with your phone.

4.  Signing transactions

We now have a raw unsigned transaction ready for your private key, saved in the form of a QR code. The next step will be to transfer this data to your air-gapped (OFFLINE) computer and add a signature from your private key.

1. Open Electrum on your OFFLINE laptop, click 'File' in the menu bar, and select 'New/Restore'
2. Choose a name for your wallet, I suggest something like paper_privkey_01
3. Select 'Import Bitcoin address or private keys'

ALERT - You are about to enter your PRIVATE KEY! Do not insert or remove any media into this machine or connect to the internet until all funds from this wallet have been sent to your Casa vault.

1. Type or scan the corresponding PRIVATE KEY addresses into Electrum
2. Encrypt the file with a strong password using a password manager
3. Click 'Tools' from the top menu bar, scroll down to 'Load Transaction', select 'From QR code', and scan the photograph you took of the unsigned transaction
4. IMPORTANT: Verify the output address matches the one in your Casa app
5. Click 'Sign', then click the QR icon, and take a picture of the updated code

5.  Broadcasting your transactions

Your transaction is now signed! The last step is to bring the signed transaction back to a connected computer and broadcast it to the network.

1. Open Electrum on your ONLINE laptop and repeat step 6 above, this time scanning the signed QR code
2. IMPORTANT: Verify the output address matches the one in your Casa app

ALERT - To maximize privacy, do not click 'Broadcast'!

1. Select 'Copy' at the bottom left, 
2. Open Tor Browser to one of the following URLs, and paste the raw transaction hex into the text box.
1. Blockstream - https://blockstream.info/tx/push
2. Blockcypher - https://live.blockcypher.com/btc/pushtx/

That's it! Check your Casa vault and you will see a new pending balance. You can now generate a new receive address and repeat this process as many times as you would like.